Nine vulnerabilities in the open source Digital Imaging and Communications in Medicine (DICOM) server Orthanc allow attackers to crash servers, leak data, and execute arbitrary code remotely. A lightweight standalone DICOM server for healthcare and medical research, Orthanc supports the… Read More "Orthanc DICOM Vulnerabilities Lead to Crashes, RCE"
Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) is pushing federal contractors to demonstrate, not just assert, that they can protect sensitive government data. Eligibility for contracts now depends on the ability to show how controlled unclassified information (CUI) is handled,… Read More "CMMC compliance in the age of AI"
Cyber attackers have become so prolific at abusing legitimate enterprise accounts and identity systems to compromise networks that it has become a “mass-marketed impersonation crisis,” security analysts at SentinelOne have warned. This creates a problem, because an adversary using valid… Read More "Hackers Exploit Compromised Enterprise Identities at Industrial Scale"
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy… Read More "In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack"
Ravie LakshmananApr 10, 2026Malware / Blockchain Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that’s designed to stealthily infect all integrated development environments (IDEs) on a developer’s machine. The technique has been… Read More "GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs"
German police have pinned a name to one of the world’s most notorious hackers. Danii Shchukin operated under the names of UNKN or Unknown and GandCrab and was, according to German police, the leader of one of the largest globally… Read More "Hacker Unknown now known, named on Europol’s most-wanted list"
Cloud phone technology and financial fraud have become a growing concern for banks and cybersecurity teams, according to new research examining how remote mobile devices hosted in data centres are being used in fraud operations. A new Group-IB report, published… Read More "Cloud Phones Linked to Rising Financial Fraud Threat"
Juniper Networks this week released patches for nearly three dozen vulnerabilities, including Junos OS and Junos OS Evolved bugs that could lead to privilege escalation, denial-of-service (DoS), and command execution. The most severe of the flaws is CVE-2026-33784 (CVSS score… Read More "Juniper Networks Patches Dozens of Junos OS Vulnerabilities"
Ravie LakshmananApr 10, 2026Vulnerability / Threat Intelligence A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score:… Read More "Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure"
When voters in the forthcoming Hungarian election assess the current government, its record on internet security will not be one of its proudest achievements. An analysis by open source investigation organization Bellingcat has revealed that the passwords for almost 800… Read More "Hungarian government email passwords exposed ahead of election"
